Add ability to reset password
This is really insecure... it only checks for the email address. Maybe I'll design a key generation and email thing (generate a random pass, email it to the user, change the password at next login), or something. This is why I don't normally include a reset password function.
parent
3f366ff313
commit
d591e1cac7
@ -358,6 +358,33 @@ class api{
|
||||
if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
|
||||
return "APIKey reset. Key: $key";
|
||||
}
|
||||
|
||||
function resetPass($apidb, $apikey, $email, $newpass){
|
||||
$apisql = "SELECT * FROM `users` WHERE `key` = '$apikey' LIMIT 1;";
|
||||
if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
|
||||
if($row = $result->fetch_assoc()){
|
||||
$canUser = 1;
|
||||
$name = $row['name'];
|
||||
|
||||
$ip = $_SERVER['REMOTE_ADDR'];
|
||||
|
||||
$apisql = "INSERT INTO `apiuse` (time, name, apikey, ip, type, allowed, misc) VALUES (NOW(), '$name', '$apikey', '$ip', 'Reset User Password', '$canUser', '$email')";
|
||||
if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
|
||||
}
|
||||
|
||||
$sql = "SELECT * FROM `users` WHERE `email` = '$email'";
|
||||
if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
|
||||
|
||||
$iterations = mt_rand(11, 51);
|
||||
$password = explode("/", hashpass($password, NULL, $iterations));
|
||||
$salt = $password[1];
|
||||
$password = $password[0];
|
||||
|
||||
$sql = "UPDATE `users` (password, salt, iterations) VALUES ('$password', '$salt', '$iterations') WHERE `email` = '$email';";
|
||||
if(!$result = $apidb->query($apisql)) return 'ERROR: ['.$apidb->error.']';
|
||||
return "Password changed";
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
?>
|